No, the UID and GID can be dynamically created. I have integrated
eDirectory and LTSP and I only enter the new users into Novell
eDirectory ... all the rest happens automatically on the LTSP when a
new user logs in for the first time. I hope this helps, as this syntax
was a key break-through when I set up my Netware / LTSP integration.
= = = = = = = copy of portion of system-auth file = = = = = = = =
## note this following line is ALL ONE LINE - there is no line break
auth sufficient /lib/security/pam_ncp_auth.so nullok use_first_pass ndsserver=DBHSNS1:ou=dbhs.ou=CerdS.o=CE,ou=2005.ou=dbhs.ou=CerdS,ou=2006.ou=dbhs.ou=CerdS,ou=2007.ou=dbhs.ou=CerdS.o=CE,ou=2008.ou=dbhs.ou=CerdS.o=CE -a -d -L -u2000,4000,pn,gcd -g2000,4000,pn -A
## the -a switch seemed to make it magically create a new user in Linux
## from an existing Novell account
# -zA = automount
# -A = "Notice the -A argument is necessary for TCP/IP operation and you do not have to load the IPX protocol"
# -d : turn on debugging output
# -v : display reasons for login failures on terminal (default)
# -q : do not display login failures
# -s : disallow SUPERVISOR from logging-in
# -S : disallow SUPERVISOR equivalent from logging-in (NYI)
# -uMIN,MAX,CFLAGS,MFLAGS : parameters for user creation
# -gMIN,MAX,CFLAGS : parameters for group creation
# r : When creating user, it must take uid from UNIX:UID property. If uid
# is already used, or object does not have UNIX:UID property, user is
# not allowed to login.
# p : When creating user, prefer uid from UNIX:UID property.
# n : When inventing uid for new user, take one which is one greater than
# highest used uid in MIN,MAX range.
# f : When inventing uid for new user, take first unused in MIN,MAX range.
# If you specify both 'r' and 'p', or both 'n' and 'f', behavior is undefined.
# User modification is enabled by non-empty MFLAGS option in -u parameter.
# MFLAGS can consist of one or more following letters:
# g : Update user's primary gid according to NDS database.
# c : Update user's gecos (comment, full name) according to NDS database.
# d : Update user's home directory according to NDS database.
# s : Update user's shell according to NDS database.
# If -g,,r or -g,,p is specified, group's UNIX:GID attribute is read from NDS.
# If attribute does not exist, and 'r' was not used, new gid is invented according
# to min, max and n/f values in -g option.
# If -u,,r or -u,,p is specified, user's UNIX:UID attribute is read from NDS.
# If attribute does not exist, and 'r' was not used, new uid is invented according
# to min, max and n/f values in -g option.
# During user creation, home directory is retrieved from UNIX:Home Directory,
# login shell from UNIX:Login Shell. If UNIX:Home Directory does not exist,
# /home/$cn is used as home directory for user. If UNIX:Login Shell does not exist,
# /bin/bash is used.
Guy Lessard wrote:

Is setting UID and GID necessary in eDirectory for ncpfs to work? I didn't add a single ID to anyone, or is this mandatory to maintain the K12 servers and Native file access operational? As for squid/edirectory, I don't know of any solution.

David Tisdell wrote:

Hi all,

Guy Lessard has been helping me out (and doing a great job) but if anyone has any other insight feel free to chime in. I want to raise 2 separate issues:

1) With Guy's help, I am switching over to ncpfs. I had been running Novell's native file access for Unix but ran into an unsolvable problem and decided to abandon it in favor of ncpfs. We assigned all of our users UID numbers and a default GID in the unix tab in consoleone. Even though unix info is entered into edirectory, ncpfs doesn't seem to be picking up on it consistently. I had a few select people using Native File access for UNIX since the beginning of last school year. Those UIDS seem to get picked up by ncpfs. We added the rest of the student body this summer. Those newer UIDS don't seem to be seen by ncpfs. I downloaded and installed the ncpfs snapins for nwadmn32. I then viewed a couple of users that had Unix ids from last year and the Unix information was identical to what I see in Consoleone. I then viewed a couple of users that we added UIDS for this summer and though the unix info could be seen in Consoleone, it didn't show up in the ncpfs snapins for nwadmn32. I did upgrade from Netware6 to 6.5 this summer and the UIDs were added after the 6.5 upgrade. I also read somewhere that Novell completely rewrote Native File Access for Unix in 6.5. This may be the root of the issue. I just want to make sure UIDs are consistent across multiple K12LTSP servers and that no one loses access to anything that I might have to spend time chasing down.

2) The second issue is: Has anyone turned on authentication in squid and had it authenticate against edirectory? I have tried to use LDAP for this but haven't been successful. There was a doc on Novell's cool solution web site but much of the syntax in it was incorrect. I haven't gotten it to work. I was wondering if I could use ncpfs in place of LDAP if no one has any insight on how to get this to work via LDAP.

Thanks.
Dave

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
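
The uid-selection rules documented in the -u comments above, modelled as an added example (not code from the thread or from ncpfs): it shows that uids invented with `n` depend on first-login order on each LTSP server, while a UNIX:UID property picked up via `p` gives the same uid everywhere. The fallback when a preferred uid is already taken, starting at MIN for an empty range, and refusing when neither `n` nor `f` is given are assumptions; all user names and uids are constructed.

```python
# Model of the documented -uMIN,MAX,CFLAGS rules; not pam_ncp_auth's own code.
def parse_u_option(opt):
    """Split '-u2000,4000,pn,gcd' into (min, max, cflags, mflags)."""
    parts = opt[2:].split(",")
    parts += [""] * (4 - len(parts))
    return int(parts[0]), int(parts[1]), parts[2], parts[3]

def choose_uid(opt, used, nds_uid=None):
    """Return the uid a new user would get, or None if login is refused.

    used    -- set of uids already present on this server
    nds_uid -- value of the UNIX:UID property, None if the object lacks it
    """
    lo, hi, cflags, _ = parse_u_option(opt)
    if ("r" in cflags and "p" in cflags) or ("n" in cflags and "f" in cflags):
        raise ValueError("r+p or n+f: behaviour is undefined per the comments")
    if "r" in cflags:
        # 'r': uid must come from UNIX:UID; missing or already used = no login
        return nds_uid if nds_uid is not None and nds_uid not in used else None
    if "p" in cflags and nds_uid is not None and nds_uid not in used:
        return nds_uid
    # Assumption: 'p' with a missing or taken UNIX:UID falls back to inventing.
    in_range = [u for u in used if lo <= u <= hi]
    if "n" in cflags:
        cand = max(in_range) + 1 if in_range else lo  # assumption: start at MIN
        return cand if cand <= hi else None
    if "f" in cflags:
        return next((u for u in range(lo, hi + 1) if u not in used), None)
    return None  # assumption: no n/f flag means no uid can be invented

def simulate(opt, logins, nds):
    """Replay first logins on one server; return {user: uid}."""
    used, table = set(), {}
    for user in logins:
        uid = choose_uid(opt, used, nds.get(user))
        table[user] = uid
        if uid is not None:
            used.add(uid)
    return table

def drift(opt, nds):
    """Users whose uid differs between two servers with reversed login order."""
    a = simulate(opt, ["alice", "bob"], nds)
    b = simulate(opt, ["bob", "alice"], nds)
    return {u for u in a if a[u] != b[u]}

NDS_WITH_UIDS = {"alice": 2101, "bob": 2102}   # constructed UNIX:UID values
print("no UNIX:UID  :", sorted(drift("-u2000,4000,pn,gcd", {})))
print("with UNIX:UID:", sorted(drift("-u2000,4000,pn,gcd", NDS_WITH_UIDS)))
```
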